Mozilla to pull antiphishing feature from Firefox 2.0 at Google's request
The browser protection relies on an older blacklist protocol
Computerworld - Mozilla Corp. will drop antiphishing protection from the final version of Firefox 2.0 at Google Inc.'s request when Mozilla updates the browser later this month, a company executive confirmed today.
When Mozilla rolls out Firefox 126.96.36.199, the browser will be missing the antiphishing feature that the aging browser has sported since it debuted in 2006, said Mike Beltzner, director of Firefox, in an e-mail today.
"The latest published update for Firefox 2, which is Version 188.8.131.52, has the Phishing Protection feature enabled and working," Beltzner said. "However, the next planned update for Firefox 2, Version 184.108.40.206, will be required to disable this feature."
Firefox 220.127.116.11, which will be the last security update for the browser before Mozilla discontinues support, is currently slated to ship on Dec. 16, according to notes from a status meeting earlier this week. Mozilla's policy is to support a browser for six months after it has been superseded by a new version. The company unveiled Firefox 3.0 in mid-June.
Dubbed "Phishing Protection" by Mozilla, the feature warns users when they attempt to reach a site suspected of hosting identity theft scams. The list of blocked sites is generated by Google, the search company that provided 88% of Mozilla's revenue during 2007.
Beltzner said Google asked Mozilla to disable the feature in Firefox 18.104.22.168 because the older browser line uses an obsolete protocol.
"The Phishing Protection feature in Firefox 2 relies on data provided by Google via the first version of the SafeBrowsing protocol," said Beltzner, who explained that Google and Mozilla had worked together to update the protocol, first to SafeBrowsing v2.1 late last year, and more recently, to SafeBrowsing v2.2.
Firefox 3.0 has relied on SafeBrowsing v2.1 since its release several months ago, but is transitioning to v2.2 this month for its antiphishing and anti-malware features, both which ping Google's servers for blacklists.
"Now that Firefox 2 is reaching the end of its support life span, we have been asked to turn this feature off as Google will no longer be supporting requests using the obsolete SafeBrowsing v1 protocol," said Beltzner.
Users who download Firefox 22.214.171.124, or update to that version later this month, will be told that the feature has been switched off, Beltzner said.
Firefox 3.0, which is currently at 3.0.4 and scheduled to update to 3.0.5 at the same time Mozilla ships the final Firefox 2.0 update, will continue to offer antiphishing protection. Users of the older browser can update to the newer line by downloading Firefox 3.0, or accepting the automatic upgrade offer that will begin reaching them today.
Beltzner said that Mozilla won't offer any antiphishing work-arounds for Firefox 126.96.36.199 users who want to keep using the older browser, but noted that there are similar tools available elsewhere. Alternatives to Firefox's built-in protection include the Netcraft Toolbar, WOT (Web of Trust) and FirePhish extensions, which can be downloaded from Mozilla's add-on site.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!